Uploaded image for project: 'Red Hat Advanced Cluster Management'
  1. Red Hat Advanced Cluster Management
  2. ACM-17974

ACM Fine Grained RBAC in Search results for OpenShift Virtualization: TECH Preview

XMLWordPrintable

    • ACM Fine Grained RBAC TECH-Preview
    • Product / Portfolio Work
    • False
    • Hide

      None

      Show
      None
    • False
    • Green
    • Done
    • VIRTSTRAT-51 - Enable fine-grained RBAC support in ACM for Virt use cases
    • VIRTSTRAT-51Enable fine-grained RBAC support in ACM for Virt use cases
    • 0% To Do, 0% In Progress, 100% Done

      Epic Goal

      Skip first base and ... got direct to TECH-Preview of fine-grained RBAC based on discussion the last months see DDR for fine-grained-rbac

      This work is mainly for integration with OpenShift Virtualization

      Why is this important?

      The Virtual Machine view, needs to be able to filter Virtual Machines based on namespaces that a given user is granted access to at the ACM hub level.

      Scenarios

      As a virtual machine user, I should see the virtual machines that are in the projects I have been granted access too.  Access to projects for users or groups is done view ClusterPermission resources in the development preview.

      Acceptance Criteria

      If user1 has kubevirt.io:* on the project foo ONLY, they should NOT see virtual machines from namespace bar.

      Dependencies (internal and external)

      1. Aggregate API Server ACM-18470
      2. RFE - ClusterPermissions to allow JUST the creation of RoleBiniding and ClusterRoleBinding ACM-18969

      Previous Work (Optional):

      1. ClusterPermissions CRD & Controller
      2. [Kessel POC that can create a ClusterPermission|Management Fabric - ACM / CNV PoC - Google Docs]

      Open questions:

      1. Can we move the kessel flag forward in parallel
      2. Where do we converge kessel

      Done Checklist

      • CI - CI is running, tests are automated and merged.
      • Release Enablement <link to Feature Enablement Presentation>
      • DEV - Upstream code and tests merged: <link to meaningful PR or GitHub
        Issue>
      • QE - Test plans in Polarion: <link or reference to Polarion>
      • QE - Automated tests merged: <link or reference to automated tests>
      • DOC - Figure out where and how we document that this affects ClusterPermissions and search results.
      • Considerations were made for Extended Update Support (EUS)

              jbanerje@redhat.com Joydeep Banerjee
              rhn-support-cstark Christian Stark
              Eveline Cai Eveline Cai
              Votes:
              0 Vote for this issue
              Watchers:
              11 Start watching this issue

                Created:
                Updated:
                Resolved: